Why #SecurityEverywhere M&A strategy by Cisco is Remarkable

Reading the recent news from Cisco about its intent to acquire OpenDNS made to think about the strategy behind this group of acquisitions that the company have been doing since 2013.

Every report that you read about Cybercrime is saying the same: Hackers don’t sleep, and they are always finding new ways to steal your data, or to crack your Mobile device, or use your laptop or computer like part of a highly sophisticated botnet.

For example, there is the report from Juniper Research that said that “Cybercrime will Cost Businesses Over $2.1 Trillion by 2019”, where they found found that the majority of these breaches will come from existing IT and network infrastructure, but there is an increasing interest in the Internet of Things (IoT) and mobile devices, so to be prepared for this inmmediate future, organizations need to be creative, looking for the best platforms to be protected. And to which company they will begin to look?

That’s why Cisco wants to become in the de-facto partner to call, covering every corner of the Security business. How they are doing this? Keep reading.

First the statement, then a highly calculated execution

In March 20th, 2013, Hilton Romanski, Head of Business Development at Cisco, who is responsible for driving Cisco’s M&A strategy and managing its over $2 Billion private investment portfolio; wrote a very interesting post about what would be the next for Cisco, embracing their particular strategy called: Buy, Build, Partner:

In 2012, M&A deal volume in the industry dropped more than 15 percent while overall deal consideration dropped by a dramatic 30 percent. Despite this trend, 2012 represented the most active M&A year for Cisco in over a decade with 14 acquisitions and nearly $8 billion in transactions.
After two of the quietest years for M&A at Cisco, why have we kicked our M&A motor into high gear? Well the answer can be found in the journey we have been on over the last couple of years. That journey started with a new Strategy.
It has been fueled by Readiness. And, it has arrived through Actionability.In late 2011, with a solid strategy in place, management turned its attention back to what it had always done from its humble beginnings: lead in strategic categories and extend leadership to new markets.
With a breadth of talented leadership, fresh ideas began to flow to key posts across Cisco’s engineering, sales and services ranks.

The combination of good strategy and exceptional leadership inside the business allowed Cisco to aggressively seek out opportunities in the market during a time when the tech M&A landscape seemed to be largely void of meaningful activity.

As an example, the steady-step execution of a clear Cisco Mobility strategy has delivered for our customers in a big way. In the span of a quarter, Cisco acquired Cariden, Broadhop, and Intucell — all of which are part of an overall drive to bring more intelligence from the very ends of networks to the IP edge where Cisco can add value and solve customer problems.

Other examples include leadership in Unified Access and Data Center where deals like Meraki and Cloupia enable Cisco to continue to stress next generation enterprise architectures and business models that are adjacent to Cisco’s core business.

Finally, in the area of Video, Cisco delivered on its software-based Videoscape architectural strategy through a series of well-mapped acquisitions, culminating in the $5 billion acquisition of NDS, the largest tech deal of 2012.

Based in these principles, they began to search for high-quality companies and products which could be part of this strategy, mainly focused in the 5 foundational priorities they had identified, and it came with a highly targeted acquisition deals to revamp its Security business.

Remember that I just talking about Security-focused acquisitions, Cisco has acquired more companies in Cloud Computing, Internet of Things and Networking, but that’s a topic for other post.

The fist one was Cognitive Security

In January, 2013, they announced the intent to acquire Cognitive Security, a company with its headquarters in Prague, Czech Republic. The main reason behind this decision was the disruptive technology developed by the company, using cutting edge research in artificial intelligence techniques to detect advanced cyber-threats in real-time. Searching more about it, I found a very informative presentation called: Anatomy of Advanced Persistent Threats, done by Gabriel Dusil, the former VP of Global Sales & Marketing at Cognitive Security:

where he explained brilliantly what is an Advanced Persistent Threats, and how the technology behind Cognitive Security, was being used to detect them using real-time behavioural analytics. Cisco completed the acquisition in February, 2013.

The second one was Sourcefire

This was the second one, a leader in intelligent cyber security solutions. They completed the acquisition in October, 2013, rebranding all Sourcefire’s products under Cisco FirePOWER 7000, Cisco FirePOWER 8000, Cisco AMP for Networks, Cisco SSL and Cisco FireSIGHT Management Center. They said in a press statement about this:

The Sourcefire acquisition accelerates Cisco’s security strategy of increased intelligence and expanded threat protection across the entire attack continuum.With the acquisition, Cisco will provide a broad portfolio of integrated solutions that deliver unmatched visibility and continuous advanced threat protection across the entire attack continuum, allowing customers to act smarter and more quickly — before, during, and after an attack.

The third one was ThreatGRID

In May 21th of 2014, Cisco announced the intent to acquire ThreatGRID, a company based in New York, which offers dynamic malware analysis and threat intelligence technology, both on-premise and in the cloud. Like the announcement said, this company would be inside the Advanced Malware Protection, the technology developed by Sourcefire. They completed the acquisition in June 16, 2014.

To describe why they acquired ThreatGRID, just read the comment about this from Hilton:

Thank you for your note, Parag. The acquisition of ThreatGRID absolutely complements Cisco’s Advanced Malware Protection (AMP) portfolio that we acquired through Sourcefire. The AMP solution is now integrated into Cisco Web Security Appliances, Email Security Appliances, and Cloud Web Security offerings. The acquisition of ThreatGRID builds on the foundation of security market leadership from both Sourcefire and Cisco.

The fourth one was Neohapsis

In December of 2014, Cisco announced the intent to acquire Neohapsis, a Chicago-based security advisory company providing services to address customers’ evolving information security, risk management, and compliance challenges. Then, in January of this year, they completed the acquisition. With Neohapsis, Cisco is covering Risk Management, with a very strong and experienced team advisoring to Fortune 500 customers.

Now, OpenDNS to cover something that everyone use: DNS

I have talked several times about OpenDNS, because I strongly consider this team like one of the most innovating companies in the Security space, mainly because they are securing an important part of Internet: DNS with their Umbrella Platform, leveraging the power of Cloud-based Predictive Analytics.

So, inside Cisco Security, I think that the reach that OpenDNS could be even more massive, because they would have more resources, personnal and great strategists behind like Hilton Romanski, one of the masterminds behind the #SecurityEverywhere strategy. But you should be wondering why Cisco wants to pay 636 Million for OpenDNS.

The first part of the answer is very simple: the numbers of the company are outstanding, and its developed technology is unique. Just read inside the post that David Ulevitch, CEO at OpenDNS wrote for his employees and for the world:

OpenDNS’s technological innovations set the foundation to make the last three years here incredible; for instance, we’ve averaged more than 20% growth every quarter for the last ten consecutive quarters. We’re more than 300 employees, we’re closing $1M annual recurring revenue deals, and we’ve added more than 2,000 paying customers this year alone. We have global deployments with the largest companies in the world and a superb retention rate that is without compare in our industry.Fortunately for us, we’ve also always had amazing, passionate customers who gave us invaluable feedback and helped guide our product’s direction. We developed our solutions with the belief that if we built and delivered what customers want, we’d build a healthy, thriving business. And we have. Today we protect 65M Internet users around the world and the entire workforces of Fortune 50 companies. Which is all a long way of saying that we didn’t have to sell this company. We have always used revenue as a way of controlling our own destiny. We made this decision to sell OpenDNS because I believe we can take our incredible teams and technologies, and harness the resources, reach, and scale of Cisco to deliver better products faster, while recognizing an incredible and rarely experienced milestone for all of us along the way.

The second part of the answer is in an ascending industry: Internet of Things, that Cisco has called Internet of Everything. But you should be wondering why OpenDNS is a key part of this strategy? Umm, just read the recent report released by the company about the State of Internet of Things Security in the Enterprise. IoT is here, and all devices need protection too, but Enterprise customers are not ready for this shift yet, and cybercriminals are aware of it.

So, OpenDNS is creating the first line of defense, protecting the domain names that any of these devices use to connect to the private corporate network or to Enterprise storage. Just read the recent thoughts about this from Mark Nunnikhoven, a Senior Security Researcher at OpenDNS, and one of the contributors to the report:

Some of these devices use an easily remembered domain name to allow the user access. That’s great for the user but also for the attacker. An attacker can collect these names and use them to attempt to access the storage directly.IoT devices collect a lot of data. That data is typically stored and processed in the cloud via a service provided by the device manufacturer. These systems are outside of the control of the user and security team’s control. Unless you completely block the service–which is not usually the right answer for anyone–you’re at the mercy of the provider.

If you want to see how Internet of Things needs more security, just read the report from Synack, where they made a very good evaluation of 16 devices focused in Home Automation, and the results are more than shocking:

What did we find? We wouldn’t be posting this if we thought there was nothing to be concerned about. We found that in general, the Internet of Things (IoT) industry has some work to do in terms of following best security practices.

To read the completed report, you can see the slides that they shared with the world here:

So, as you can see, Cisco is building the foundation for Security industry for the upcoming 20 to 50 years, making smart bets in ascending industries like Internet of Things. Next? Bitcoin?

Which will be the next one? FireEye, Skyhigh Networks or Palo Alto Networks for just to mention three in this space

FireEye and Palo Alto Networks could be part of this massive strategy too, but it’s hard to think about them for several reasons. First, both companies have massive market caps: 7.534 Billion and 14.548 Billion respectively, and it’s a lot of money to spend for an acquisition for any of them.

Second: in the case of FireEye, Cisco has built an incredible division with the inclusion of the companies that I mentioned before to revamp its security business thinking in how to protect their customers for Advanced Persistent Threats in Real-Time, which is the main business behind FireEye; although the products and solutions from the company are in high demand for its effectiveness and its great ROI. They have another brilliant business strategy: first, creating very good products based in cutting-edge research for threat intelligence and advanced persistent threat protection in real-time, and second, buying Mandian, which was raising like a direct competitor . Third, in the case of Palo Alto Networks, they have built an incredible set of high-performance firewall products, which could be used for phisical and cloud-based networking; but if they are a public company too with a lot of room for growth, so if Cisco wants them, it could be a very expensive acquisition.

Now, in the case of Skyhigh Networks, which is other of my favourite companies in the Cloud Security space, it could be a great fit for the Cisco’s strategy. The company has built incredible products focused to protect Enterprise assets in the Cloud with high-performance and stability; and it’s a private company (yet) with a very well defined business model.

I don’t know if they are profitable yet, but at least their clients are very well known, including the same Cisco. The company has a valuation of $478.5 million and a total funding of $66,5 Million to date, backed by Greylock Ventures, Salesforce Ventures and Sequoia Capital so, I think they could be a very good adding to the Cisco’s Cloud Security division.


Like I said: Cisco is building the foundations to be the company to call when you have a security incident or if you want to protect your assets from cybercriminals. This line of acquisitions will just increase with time; the challenge here is to partner all these products and solutions in an unique way to secure its clients. And I believe that with these incredible teams, Cisco could become in the leader for many years of Networking Security. Time will say it.

Marcos Ortiz Valmaseda

Marcos Ortiz Valmaseda

Editor at The Panda Way, where I help companies to earn more income through #investing. Cloud Data Engineer in the morning at Grupo Intercorp
Lima, Peru